A permanent (stored) Cross Site Scripting vulnerability was found in FreePBX 2.5.x
and 2.6, because the application fails to sanitize user-supplied input before
displaying it. The vulnerability can be triggered by any logged-in user who is
able to add an Inbound Route.

Proof of Concept:

Add <script>alert(Cybsec XSS);</script> as a Description in an Inbound
Route.

Impact:

A user who views the stored Description may unknowingly execute scripts or
actions supplied by an attacker. In addition, an attacker may obtain session
(authorization) cookies that would allow him to gain unauthorized access to the
application.

For more information regarding the vulnerability, feel free to contact the
researcher at
ihuertas <at> cybsec <dot> com

About CYBSEC S.A. Security Systems

Since 1996, CYBSEC has been engaged exclusively in providing professional
services specialized in Information Security. Its services cover Latin
America and Spain, and over 250 customers are proof of its professional
track record.

To preserve objectivity, CYBSEC S.A. does not represent, sell, or partner with
other software and/or hardware vendors.